Re: Syslog question

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Shawn Badger
Date:  
To: Main PLUG discussion list
Subject: Re: Syslog question
Put* local0.none* in the /var/log/messages entry to stop the router entries
from showing up there. So after you changes it would look like this:

*.info;mail.none;authpriv.none;cron.none;*local0.none*
/var/log/messages


On Mon, Jul 12, 2010 at 3:40 PM, Bryan O'Neal <
> wrote:

> Default redhat syslogd
>
> /etc/sysconfig/syslog
> SYSLOGD_OPTIONS="-m 0 -r"
> KLOGD_OPTIONS="-x"
> SYSLOG_UMASK=077
>
> /etc/syslog.conf
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.*                                                 /dev/console

>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none                /var/log/messages

>
> # The authpriv file has restricted access.
> authpriv.*                                              /var/log/secure

>
> # Log all the mail messages in one place.
> mail.*                                                  -/var/log/maillog

>
>
> # Log cron stuff
> cron.*                                                  /var/log/cron

>
> # Everybody gets emergency messages
> *.emerg                                                 *

>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit                                          /var/log/spooler

>
> # Save boot messages also to boot.log
> local7.*                                                /var/log/boot.log

>
> # Chandler.azinterlock.com
> local0.*
> /var/log/azinterlock.chandler.juniper.log
>
> On Mon, Jul 12, 2010 at 3:28 PM, Jason Holtzapple <> wrote:
> > On 07/12/2010 03:25 PM, Bryan O'Neal wrote:
> >> I hope no one makes me hand in my linux geek card on this one but...
> >> I am setting up a remote syslog server to collect information from
> >> various routers across my network. I can prepped local0-7 to the
> >> syslog information and thus direct it to an appropriate log. However I
> >> have set up only one and I am having trouble. While it does go to
> >> /var/log/my.router.log all the information is also going to
> >> /var/log/messages
> >>
> >> How do I stop the duplicate messages? This server is a "comprehensive"
> >> <haha> monitoring server so I have a number of applications writing to
> >> var/log/messages and I don't want to have to hunt through a tun of
> >> router traffic if I have problems.
> >
> > Please post your syslog.conf and flavor of syslog (rsyslog, syslog-ng,
> etc).
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list -
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss